5.1 Compare And Contrast Various Types Of Controls Flashcards
Category
There are hundreds, perhaps thousands, of security controls that organizations can implement to reduce risk. The good news is that you don’t need to be an expert on all the possible security controls to pass the CompTIA Security+ exam. However, you do need to have a basic understanding of control categories and control types. CompTIA lists the following control categories in the objectives:
Managerial
Managerial controls are primarily administrative in function. They are typically documented in an organization’s security policy and focus on managing risk.
Operational
Operational controls help ensure that the day-to-day operations of an organization comply with the security policy. People implement them.
Technical
Technical controls use technology such as hardware, software, and firmware to reduce vulnerabilities.
Preventive
Preventive controls attempt to prevent an incident from occurring.
Detective
Detective controls attempt to detect incidents after they have occurred.
Corrective
Corrective controls attempt to reverse the impact of an incident.
Deterrent
Deterrent controls attempt to discourage individuals from causing an incident.
Compensating
Compensating controls are alternative controls used when a primary control is not feasible.
Physical
Physical controls refer to controls you can physically touch.